[syslog-ng] elasticsearch 5 on rhe 6.4

Czanik, Péter peter.czanik at balabit.com
Thu Dec 8 05:22:25 UTC 2016


This is the part installing the elasticsearch2 driver:

yum install syslog-ng-java

My syslog-ng package is broken into a core package and sub packages, as I
want to make all components available, but don't want to install everything
by default due to the large number of dependent packages. The above package
includes all the java-based destination drivers.


Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream

On Thu, Dec 8, 2016 at 3:30 AM, Russell Fulton <r.fulton at auckland.ac.nz>

> Hi
> I had syslog-ng 3.8.1 (built from tar ball) working nicely with ES 2.x
> running on the local machine as a pilot.  Last week I got two new machines
> to run ES on with lots of memory and SSD.   I installed ES 5.x on them and
> upgraded ES to 5.x on the original pilot machine.
> So I now have a cluster of 3.
> Back to the original machine that has the feed from syslog-ng I was
> puzzled by the stream of error messages regarding 2.x client that was
> trying to connect.  It took me a while to figure out that this must be the
> syslog-ng plug in.  Stopping syslog-ng stopped the errors.
> A web search quickly found:
> https://www.balabit.com/blog/syslog-ng-and-elasticsearch-5-getting-started-on-rhelcentos/
> So I set about reinstalling syslog-ng from Peter’s repos — there were some
> issues but I got there without too much problem. (see notes at the end).
> My config file matched the blog example pretty closely - I need to add the
> http transport for ES 5.x but that was the only change.
> When I tried to start the new version of syslog-ng I get an error saying
> that it can not find the elasticsearch2 plugin.  I can’t find any reference
> to installing the plugin in the post.  Did I miss something?
> My old config also had @module mod-java line but this does not appear to
> make any difference.
> I have gone back to the 3.8 manual but can not find anything about having
> to install the ES plugin so I am thoroughly puzzled.
> Any ideas what is wrong?
> Russell
> Problems with the syslog-ng epel 6 repos:
> Since I was on RHE 6 I figured I needed the epel6 rather than the epel7
> repo so I
>  wget https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-6/czanik-syslog-ng38-epel-6.repo
> but when I tried to install Yum said
> https://copr-be.cloud.fedoraproject.org/results/czanik/syslog-ng38/epel-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
> After a little poking I figured that the url should be /syslog-ng38eple6/
> and that worked.